The FBI has announced the arrest of 10 members of a global cyber-crime ring, in relation to the Butterfly Botnet which targeted Facebook users through social engineering - stealing $850 million over two years.

Facebook users have been targeted by a global cyber crime ring which stole $850m over a two year period.

The FBI announced the arrests of the 10 individuals today, including suspects in the UK and the US, along with suspects from Croatia, Macedonia, New Zealand and Peru.

The malware had been targeting Facebook users for over two years before it was stopped, stealing over $850 million (£527m) from victims around the world.

The cyber criminals used social engineering to spread the Yahos malware and create what became known as the Butterfly Botnet.

The global cyber-crime ring which the FBI has disrupted managed to create a botnet of 11 million infected PCs, stealing users' credit card numbers, bank account details and other personal information.


Botnets are made up of compromised PCs and can be used by cyber criminals to execute distributed denial of service (DDoS) attacks, send spam e-mails, and conduct underground organised criminal activity including malware distribution.

The FBI received help form a large number of international law enforcement agencies, including the UK's Serious Organised Crime Agency (Soca). In a statement to the BBC, Soca said they had raided a property in Molesey, Surrey, on Tuesday morning.

A man was arrested on suspicion of offences under the Computer Misuse Act. He has been released on bail.

Social engineering

According to Tal Be'ery, web research team leader at security firm Imperva, the Yahos malware is reported to propagate via social engineering and therefore thrives in platforms like Facebook.

"An infected user will send a message to all of his friends [saying] 'How does this photo look?' with an attached malware file or malware link. Users naturally trust messages they receive from friends, will follow the link, will get infected themselves and the malware will try to spread to all of their friends, ad infinitum."

According to Be'ery, the malware is not unique to Facebook and could be spread through other social networks such as Instant Messenger (IM) but the ubiquity of Facebook means it was the obvious target.

Facebook's security team was helped the FBI track down those involved, tracking the propagation of the malware to its origin and discover "patient zero" of the Yahos epidemic.

"Patient zero was probably a fake profile (or profiles) created by the attackers to spread the malware. We assume, that using that account's access details (e.g. IP address) the FBI was given a lead to the people behind the operation."